Slashdot Mirror
Ask Slashdot: What's the Real NSA Like?
"The National Security Agency, is actually an organization of geeks and nerds parallel to the role of Q in James Bond. They arm the government (CIA, the spy agency; FBI the government police, and the military) with cryptographic systems to protect the missions of those other organizations, and they also have the job of trying to break the cryptographic systems that might be in place to prevent the completion of those missions. You can see this evidenced in their behavior of attempting to block the export of "strong cryptosystems", because that merely makes their job harder.
In all honesty, you will find that the charter for the NSA has a Top Secret clearance level, so we may not actually know the true ajenda of the group, but since they are solely populated by scientists, mathematicians, and engineers, the stories of their involvement in Danger and Daring Do are greatly exaggerated. I would doubt that many of them have ever held a gun before.
So in my not so humble, but somewhat educated, opinion, the popular view of the NSA is fairly inaccurate, and confusingly to me, they seem uninterested in correcting that view.
Comments welcome. But keep in mind that these are the opinions of one person based on contact through job fairs, interviews, and cryptographic history articles. "
So what image do you think represents the real NSA? Are they closer to the Spooks from Hollywood, or are they just normal people like you and me?
Just kidding Gary...if in fact that is your real name, after all, Anonymous Coward is my real name. wait a sec,some one's knocking at my doo ~h?#~~~~DISCONNECT
When my dad was in Vietnam (5th Special Forces) his team was under the direction of the NSA and he answered to them. So I don't know if the NSA carries guns themselves, but they can control those that do. Their charter (or whatever), Executive Order 12333 of 12/4/1981 states "The Information Assurance mission provides the solutions, products and services, and conducts defensive information operations, to achieve information assurance for information infrastructures critical to U.S. national security interests." To me, this would indicate that they can proform "operations" to gather information for "national security interests". Sounds like employing spys to me. FYI: my dad's missions involved being in countries that the US was not supposed to be involved in doing recon.
Probably true, but they do have field agents; what sort of activities these guys do is anybody's guess. One interesting piece of trivia is that the first American casualty in Viet Nam was an NSA agent posing as a USAF SSgt.
They're also doing some of the leading work in things like computerized face recognition. They've already got this working surprisingly well, and claim that it's far more accurate than a fingerprint. 'Course if they admit that much, who knows what they've actually got going there; maybe it can guess your weight too. ;)
The most interesting thing to me is that they have their own fab; they can design and build all the custom chips they want in house. I'd be willing to bet they've commited some sweet things to silicon in there. It's also interesting to note that they say the fab is for designing chips for the purposes of encryption, not decryption. Personally, I wonder how big a wink comes with that statement.
The NSA has a CM-5. I know, because I saw it. Sitting idle in the public museum. With other 'outdated and useless' computers (like a Cray XMP and a big robotic disk loader).
So if they don't use a CM-5 because it's obsolete for them, I shudder to think of what they do use. Although god forbid they should sell the old mainframes to people who could give them good homes. Quake's been ported to the Connection Machine, right?
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
I never said this was a fact, and I even said that this is _NOT_ a conspiracy theory. All I was stating was that I thought it was weird that she'd know shitloads about everything else, but when it came to PGP specificly she wouldn't answer any questions. From her reaction, I got the impression that there was something else going on other then her just not knowing. In fact her answer wasn't "I don't know" but rather "I can't discuss that" (not verbatum). I probably should've said this earlier though ;)
As A Class Level C security holder, I must now take all of you in custody. You have discussed a three letter anacronym that shall not be observed without the proper clearance, which we all have not * since the reason why I have not said ...SAID anacronym *
Seriously folks, my father and I have both worked for the intelligence community, and it is NOTHING LIKE we see in the movies.... Especially the NSA,
Picture a bunch of tie-dyed dead-head ( oh Hell forget the stereotypes) THEY ARE GEEKS JUST LIKE SOME OF US!!!!!!!!!!!! they just have better paying jobs with more security concerns than the average BOFH (like me)..... Like DLR said on "Everybody wants some"..... " come on guys.... Gimme a break "
-- Life: Hate the Game... Love the cereal
They also said that it was able to brute force a regular unix password in less than a second!
:-)
A modern day PC can brute-force a typical UNIX password in under ten hours. Far less for a password based on a dictionary word, etc. Put a supercomputer on it, and I'm sure it won't take long. This is why we have shadow passwords...
I figured if she would answer my question that it'd be that they attack the seperate components of PGP, but since she _didn't_ answer it, I assumed that they know of a weakness in it
More likely, she just didn't know. The biggest misconception people have about large government agencies is that they function as a single unit. That is contrary to one of the most basic rules of security -- unless you need to know, you don't.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
If you're interested in the NSA James Bamford has done a great job writing a history of No Such Agency, _The_Puzzle_Palace_ It doesn't have the latest developments (written in the early 80's) but it's about as good as I think you can get being on the outside.
They also have a homepage: http://www.nsa.gov:8080/
Here's an interesting comment I found regarding the size and funding of the NSA:
* "Spying Budget Is Made Public By Mistake", By Tim Weiner
* The New York Times, November 5 1994
*
* By mistake, a Congressional subcommittee has published an unusually
* detailed breakdown of the highly classified "black budget" for United
* States intelligence agencies.
*
* In previously defeating a bill that would have made this information
* public, the White House, CIA and Pentagon argued that revealing the
* secret budget would cause GRAVE DAMAGE to the NATIONAL SECURITY of
* the United States.
*
* $3.1 billion for the CIA
* $10.4 billion for the Army, Navy, Air Force
* and Marines special-operations units
* $13.2 billion for the NSA/NRO/DIA
*
* The only damage done so far is to the
* credibility of those who opposed the measure.
The NSA is an organisation designed and designated to, in secret, subvert both American and non-American privacy and freedom for the larger cause of "national security" (and to some extent even some international security).
... you know the cliche.
/. is like a steer's horns, a point here, a point there and a lot of bull in between.
However, national security is a thing of the past. What threat is their towards american national freedom? Really?
There is only one enemy left, and it is only as dangerous as we are letting it be (for reasons of commerce) and actually more interested in the continued repression of its own people then anything to do with us (hmm, I wonder if Chinese people can access Slashdot... and if they do??).
Instead, the entire intelligence community, which, no doubt, is undemocratic in the very secrecy of its nature, has gotten so happy with its own unbarred existance that it just is not about to let go. To some extent they try to justify their actions in the public eye by speaking of the horrid, but largely imaginary, terrophiles from which they are keeping us and our children safe, but to an even larger degree they don't need to defend themselves. Shadow organizations like the NSA already have their claws so deep in the bumbling, populistic, corrupted to the bone political climates like Washington, that they simply are not under any threat at all.
SAFE will never pass. The NSA knows it, we know it.
What I wonder about, more than anything else is: Where does the NSA find new mathematicians?
They are the largest employer of mathematicians in the WORLD, meaning they are picking the best and brightest of maths majors like me right out of university and using them in a work that is shifting from subverting the freedom of people to the useless struggle to keep an organization with no use alive.
Why do people do it? As I see it, it must either be ignorance or cynisism. Either because they, like the scientists who worked away building bombs and rockets for the Nazis, are too enclosed in their work and research to look even one second at what they are doing, and who they are doing it for.
Or, because they share the simple, yet dark, conviction that a free society needs to be schimera in order to exist. That man kind simply isn't capable of being free without destroying itself. That out of arrogance for people they are doing them a favour by deciding their lives for them.
And maybe they are right. But then I say we might as well let things take their course. Give me freedom or
-
> The RAND Corporation's Netwar report, prepared
> for the U.S. government, recommends that the
> govt assists repressive governments in defending
> themselves in struggles over their reputations,
> and that repressive governments can do this with
> a variety of dirty tricks and covert operations.
You obviously didn't read the summary... The
whole point was that a repressive government was
vulnerable to a netwar if and only if it is:
1. In a state of political flux
2. In the process of opening up political freedom
3. Requiring greater world participation in its
economy.
Thus, only states which are becoming more
liberalized, with greater personal freedoms and
are starting to actually participate in the world
economy and wish to benefit from international
trade are vulnerable to this sort of attack.
Looks to me like the whole concept of a netwar is
empowering a minority to harass a (silent?)
majority. Hmmm...
So... A radical revolutionary group who wishes
to overthrow a burgeoning democratic government
starts a netwar and sets them back 10 years
because there's so much apparent trouble in this
country that nobody wants to do any business with
them. Thus, even though it is the growth of freedom in such a country which provides the
tools necessary to do public damage, and
Don't like my sig? I don't either.
I'm sure the NSA is far less scary than Hollywood would have it, unless you happen to be on their short list anyway.
I guess the major question in my mind is the degree of autonomy they may have. Presuming they are effectively reviewed and controlled by our government and not a hidden branch of it, there's not much more to fear there than with the military. Just make sure the politicians don't use them inappropriately. How you can do that without knowing what the NSA is up to is an interesting question however. Amounts to electing those you trust, which leaves some of us a little unsatisfied.
In view of the lack of normal feedback over operations I consider a distrust of the NSA a healthy thing. If they tried something really horrible, and it got out, people would believe it. You might consider Echelon an example. So they have to be a little careful, both in their security, and not doing stuff that's too embarassing if they get caught, because eventually, everything that's really juicy leaks.
I can corroborate your view- I attended Presidential Classroom in summer of '97- our program coordinator was "flag"-level clearance at teh NSA. (if you don't know, maybe you don't want to) We had a walking tour of the facilities, and this much I can tell you- #- The NSA is the #1 recruiting center for "theoretical" mathematicians (number/ring/field theory, abstract/linear algebra, analysis) in the world. (approximately 70% of the talent pool) Read their recruiting page (easy enough to find)- at least the NSA realizes that pure mathematics eventually advances all of technology. #- Where we visited, the people were quiet but friendly: to sum up, there are numerous signs with 50's-style comic-book people waving their fingers and saying "Remember, no confidential talk." #- The NSA is an impressive R&D dept. in their own rite outside of cryptography- the projects we were "allowed" to view included: high-penetration PCMCIA wireless-LAN (at the time of my visit, 1000 yards through concrete and steel); fingerprint pattern recognition via embedded systems about as big as a credit card (dead serious- we were told to expect it to be a standard in about 4-5 years);and finally, natural language recognition that gives Dragon Naturally Speaking (?) pause. (so far, Spanish, Japanese, and certain dialects of English are recognized) It's an impressive facility, and I would encourage anyone who wants to know more to take the tour- there ARE certain things that the people who work there can tell you about. Not EVERYTHING's top secret.
Are the ones we catch. The ones who get nominated for Darwin awards. The ones who fail.
You will never see a smart criminal because they don't get caught. They get elected for office, own corporations, control institutions, etc. They figure out how to use the system to their advantage.
They probably aren't that different than successful businessmen, excepting that successful businessmen also, as a side effect, benefit the country, the people, or the economy.
-AS
-AS
*Pikachu*
The NSA may just be a bunch of geeks, but the power of geekhood may be used for good or for evil. Don't forget that Hitler had a huge crypto department, too, with Enigma and all. Just because an organization employs geeks doesn't mean that they're doing things true geeks/hackers would approve of. It just means they require skills that only geeks have (math & coding primarily) and are willing to pay for those skills.
Crypto in the hands of the mafia, or kiddie porn peddlers, does society no good. Crypto in the hands of honest citizens who value their privacy does society no harm. It's a shame that the NSA, the treasury department, and our government have taken the first as a reason to hinder the second.
I am the king... of No Pants! www.penny-arcade.com
---- aut viam inveniam aut faciam
In fact.. based on this model of what the NSA is and isn't... many of the people reading this are members of the NSA... /. is afterall 'News for Nerds'.
NSA MONDAY MORNING {at the coffee machine):
NSA AGENT 1: Hey guys, did you check out slashdot over the weekend?
AGENT 2: No, I was installing Mandrake 6.1 and I coulnd't get the darn ppp connection up..
AGENT 1: Well check it out... they're on to us.
/* CDM */
hi, i'm neko, and i work for the nsa. (crowd replies "hi, neko")
:) ). we aren't freaks, and i can attest that we're not all brainiacs (don't make me recall some bad examples *shiver*)
seriously, i'm a korean linguist, and while i put on an air force uniform to go to work, it's the nsa which really calls the shots. although i've not worked in the nsa headquarters in maryland (i don't plan on it either, since it just means getting bounced back here to korea every other year, and korea's not bad anyway), i can tell you what i know from my perspective (well, not all of it, of course).
to be honest, what we do we regard as Just a Job. granted, a deadly serious job, but that's as maybe, it's still a job. we don't go around talking spy talk or codewords, i've never met agent 99, we don't hack into you computer at night, and we spend more time than any of us will admit irritating each other with stupid practical jokes just like everyone else (we locked our flight commander in a phone booth the other night, that was a sight
as for specifically what we do, i of course can't say much about it, but suffice to say that no, we don't spend our time spying on americans, or south koreans for that matter. in fact, there are quite explicit guidelines about making damn sure that we don't. as for the 'black helicopter' conspiracy perception of the lot of us, i have to say it's pretty much bogus from what i've seen. personally i thought the earlier story regarding bar codes with social security number being placed on high school students to be far more disturbing than anything i've seen here. we sure the hell don't do anything like that.
in short, if you don't believe anything i've said here, and hate us because of some book you read or something on dateline, then fine, that's not our job. just remember that our job is to help prevent wars, and help minimalize the loss of american lives in case one breaks out, and i think we do a damned good job of it. i know south korea is happy to have us here (and they do know exactly what we do, sicne we work with korean soldiers side by side), even if you're not.
-- the opinions stated above aren't those of my employer. in fact, they're probably not even my own. you know what, ju
NSA job requirements:
- Degree in computer science/engineering, electrical engineering, math, or whatever language the enemy is speaking today (Arabic languages)
- U.S. citizenship of you and your immediate family (though I hear this is sometimes waived)
- Ability to pass a detailed background check for security clearance
That's about it. The NSA has all sorts of educational programs, such as one I am applying for where they will pay for your college education if you go to work for them afterwards. Free college, guaranteed employment, and if you're really good private enterprise will pay 'em off and you go work for someone else.
From what I know (based on a Discovery Channel program) they have their own chip manufacturers in their main headquarters making processors for a warehouse-sized supercomputer submersed in a non-conductive coolant (which is located in the basement). They also said that it was able to brute force a regular unix password in less than a second! Thats 30 Years of computing time for those of us with a pentium.
A woman from the NSA recently came to give a colloqium for the math dept at my school. One of the things she talked about was cryptography and why the NSA doesn't like us having large keys. One of my questions was why the NSA has never (as far as I know) attacked PGP. I figured if she would answer my question that it'd be that they attack the seperate components of PGP, but since she _didn't_ answer it, I assumed that they know of a weakness in it (maybe some type of multiplication by a number). I've been speculating ever since.
I used to work for a USAF contractor developing COMSEC (communications security) accounting software. I can tell you that that primary role of the NSA is making and breaking cryptography. (If you want to speculate wildly on secondary roles, be my guest.)
Ironically, the two parts of their major role are polar opposites. On one hand, the NSA researches new crypto systems, evaluates and approves third-party (i.e., commercial) crypto systems, generates and distributes key, and provides infrastructure to keep all that running.
On the other hand, they are constantly involved in trying to break enemy crypto systems -- providing COMINT (communications intelligence) and SIGINT (signal intelligence) to the rest of the government. They're generally not involved in classic Hollywood "spy stuff". They don't have agents (ala James Bond), domestically or abroad. That's the domain of the CIA.
To the people in the field, the NSA was a source of bureaucracy and paperwork, but did not inspire much fear. The expansion "National Stupidity Agency" was far more common then "No Such Agency".
Which is not to say the NSA is not extremely paranoid. It is. The rules for EMSEC, COMPUSEC, and the like are a royal pain in the you-know-what. The NSA invented them all. But there is nothing "secret" about those rules.
Incidentally, the NSA is trying to get out of the business of generating and distributing crypto key, because it is damn expensive and rather impractical. They distribute over something like 200 tons of crypto key annually. At the same time, however, they want to maintain full, draconian control over everything. The resulting conflicting efforts would be amusing if my tax dollars weren't paying for it.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
For example, Ronald Reagon in the early 1980's purposefully caused the recession at that time. Inflation was at 14% and getting worse. According to economic theory, you should be able jack up interest rates, throw millions of people out of work, and within a year the economy will recover, but resume at a much lower inflation rate.
As it turns out, Ronnie was right. But try explaining that to the people at the beginning of the recession who lost their jobs. I'm sure if they really understood how much control the government has over whether or not to force the country into a recession, they would be majorly pissed off.
Likewise, consider US cryptographic export restrictions. While its theoretical purpose is to make it easier for the NSA to spy on foreigners, it has the weird effect of reducing encryption within the United States. The average person in the US uses 40-bit encryption. Lots of products (such as the new AirPort wireless LAN) use 40-bit encryption because of this, even within the US. I think the government really does understand that export restrictions really have an effect on the encryption used by their own population.
On the other hand, I like low-inflation, and I also like the fact that I personally have easy access to 128-bit encryption but that the average stupid criminal doesn't. In other words, I think I like conspiracies. :)
My grandfather was an agent of the NSA, and so I know a little bit about it, but most of my knowledge comes from everyone but him. He never really talks about it, but I have to wonder what a WWII vet and a NSA employee would think of Cryptonomicon. I know for a fact that he's good with simple cryptosystems, even though we have no knowledge of him ever working in that field. We (family members) believe that at later stages, he was mostly administrative, working on intercepting transmissions.
:)
The NSA is really an outgrowth of what was known as the Army Security Agency, in which he spent a lot of time doing something involving lots of radios and the Philippines [intercepting foreign communications]. The NSA and ASA both exist now, but apparently the NSA is essentially a workhorse agency, taking orders [more like kind requests] from the other cloak-and-dagger types. They have two basic functions, those being to monitor the world's radio traffic [if one visits Fort Meade, Maryland, they will note the large geodesic bubbles on the tops of buildings; apparently the purpose is to obscure the directions their satellite dishes point, for obvious reasons], and the other being to decrypt everything in sight. At the same time, they do advise the rest of the Executive Branch on matters of systems security and in the past, have worked on developing secure cryptosystems ["in the past" because one has to wonder whether the private sector is outpacing them in that respect and rendering those efforts outdated] and implementing them.
As far as what the "real" NSA is like, I suppose it's always been a very real phenomenon for me, and I have never really had any illusions about what they do... it appears to all simple inspections that what they do is exactly what they claim to do, except that now, they have been forced to react to the internet, and have thus extended their resources in that direction. However, at least as far as bursting in anywhere, guns blazing, I think that's most likely the last thing they've ever been involved in. The most clandestine thing I can see the NSA doing is setting up big radio antennae inside sketchy little huts in the jungle. Fun
This thread seems to say "the NSA are technocrats".
Our tax dollars hire them to spy on everyone outside the united states and find the connections between all sorts of people, their bank accounts, their friends, political and commercial organizations. They may or may not be spying on Americans as well--they have stone-walled the U.S. Senate on the issue of Echelon.
> I've heard some say they are the biggest
> collection of brains in the US. I think that's
> probably true, except for maybe RAND.
The RAND Corporation's Netwar report, prepared for the U.S.
government, recommends that the govt assists repressive governments in
defending themselves in struggles over their reputations, and that
repressive governments can do this with a variety of dirty tricks and
covert operations.
If these recommendations are being carried out, and I have seen some
evidence to suggest that they are, I suspect information from Echelon is
being used to destroy human-rights networks.
I personally believe NSA intelligence filters from
the NSA => the U.S. Army =>
to the Columbian army => rightwing paramilitary
If the NSA's powerful data collection capabilities have been used in this pursuit, American money is [indirectly] responsible for the the blood of, for example, Columbian and Mexican peasants killed by pro-military paramilitaries.
Merlin
Gary, care to expand on your visit to the NSA? Here's my story:
In '95, I visited the NSA and the National Cryptographic Museum (adjacent to the NSA headquarters). I didn't make it past the barb-wire fence at the NSA, but I did encounter a few spooks.
The front gate was unattended, so I drove right in and parked as close to the big black monolith of a building as I could. My friend and I began to make silly poses and take lots of pictures, joking that we probably weren't the only ones taking photos of us. A man in a white shirt and black tie (think Michael Douglas in Falling Down) approaches us: "Are you lost?" Without waiting for an answer, he briskly walks away. We jump in the car and head to the museum.
A group of Marines were on some sort of field trip to the museum. As they exited, an officer was giving them coffee cups with the NSA seal on them. Wearing my "Clipper Chip Inside" t-shirt, I approached him and asked how I might get one. After a few minutes of "you punks don't know the reasons the world needs the Clipper Chip...to tell you would be a breach of national security," he agreed to sell me one for $8 cash.
So, no real MIB-types. But there's certainly a spook mentality around that place.